alt Hacker News> being used under false pretenses
Yes, obviously is that possible, but the least that one should do then is looking up what's really happening. These are browser addons, the source code is available. But instead they are looking from the outside and calling alarm on something they don't understand. That's just poor behaviour and harmful in today's climate.
If you read their full paper, they do technical analysis confirming findings in many cases. Many other researchers have done the same in the recent past.
Full paper also says that the unique URLs were later requested by crawlers, which confirms server-side collection.
What happens server-side is also confirmed by the palant.info article that shows a graphic provided by a major data broker that shows exactly how they mis-use data collected by extensions under false pretenses.
It's far from speculation when there's both technical evidence collected by researchers and direct evidence provided by the bad actors themselves.